666c246bd662275c5a7330b4de2e51a7f86556390c0b79b1d774378e7eac8cb0

Sharing

Copy URL

Twitter E-mail

General

Target

666c246bd662275c5a7330b4de2e51a7f86556390c0b79b1d774378e7eac8cb0
Size

3.3MB
MD5

e211b2b230ef040fe40bc380899990fc
SHA1

fe36dbf3efa775193b82ce03d1b329d3feced487
SHA256

666c246bd662275c5a7330b4de2e51a7f86556390c0b79b1d774378e7eac8cb0
SHA512

d8e52248278898617e42afe93171f4400612b37b596c8fef5d7f7d98a217a1f8ff86414a4f9e567d316980309a4e8d98050877dcef139f24cb77c85764d979a3
SSDEEP

49152:IpMb87gil2wlWJDddoneZxq03EjlI+pOZjlx+o1Mj+6001YP:9bZRE4+Kr60n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
666c246bd662275c5a7330b4de2e51a7f86556390c0b79b1d774378e7eac8cb0

Files

666c246bd662275c5a7330b4de2e51a7f86556390c0b79b1d774378e7eac8cb0
.exe windows:6 windows x64 arch:x64

dd2f2ecf71382d689c11a821fa0e4cae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlNtStatusToDosError
RtlPcToFileHeader
NtDeviceIoControlFile
NtCreateFile
NtQuerySystemInformation
RtlGetVersion
NtWriteFile
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
RtlCaptureContext
NtQueryInformationProcess
NtCancelIoFileEx

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
GetProcessTimes
GetCurrentProcess
GetEnvironmentVariableA
GetCurrentProcessorNumber
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
GetLargePageMinimum
FreeLibrary
GetProcAddress
LoadLibraryA
GetStdHandle
GetNumaHighestNodeNumber
SetFileCompletionNotificationModes
GetNumaNodeProcessorMask
WriteConsoleA
GetConsoleScreenBufferInfo
WriteFile
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetTickCount64
FlsFree
CreateMutexA
GetLogicalDrives
GetDiskFreeSpaceExW
GetExitCodeProcess
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
LocalFree
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockExclusive
GetCurrentProcessId
SetHandleInformation
SleepConditionVariableSRW
RaiseException
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
EncodePointer
GetSystemTimes
GetProcessIoCounters
VirtualQueryEx
ReadProcessMemory
CreateFileW
FlsSetValue
FlsAlloc
GetLastError
GlobalMemoryStatusEx
WaitForSingleObjectEx
GetSystemTimeAsFileTime
GetCurrentThread
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
CloseHandle
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObject
Sleep
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetUnhandledExceptionFilter
SetFileInformationByHandle
DuplicateHandle
CreateThread
WriteFileEx
SleepEx
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
UnhandledExceptionFilter
ReleaseMutex
GetModuleHandleA
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
GetConsoleMode
LoadLibraryExW
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW

user32

FindWindowA

ws2_32

bind
connect
getsockname
getpeername
ioctlsocket
getsockopt
shutdown
send
WSASend
closesocket
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
recv
WSACleanup
WSASocketW
freeaddrinfo
getaddrinfo

secur32

LsaFreeReturnBuffer
LsaEnumerateLogonSessions
DeleteSecurityContext
LsaGetLogonSessionData
QueryContextAttributesW
FreeCredentialsHandle
ApplyControlToken
EncryptMessage
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
AcquireCredentialsHandleA

advapi32

RegOpenKeyExW
AdjustTokenPrivileges
OpenProcessToken
SystemFunction036
IsValidSid
GetLengthSid
CopySid
RegSetValueExW
RegCloseKey
LookupAccountSidW
RegQueryValueExW
LookupPrivilegeValueA
GetTokenInformation

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFreeCertificateChain
CertDuplicateStore
CertDuplicateCertificateChain
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore

bcrypt

BCryptGenRandom

pdh

PdhOpenQueryA
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCollectQueryData

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW
GetPerformanceInfo

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear

shell32

CommandLineToArgvW

iphlpapi

GetIfEntry2
FreeMibTable
GetIfTable2
GetAdaptersAddresses

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo
NetUserGetLocalGroups

api-ms-win-crt-string-l1-1-0

wcslen
wcsncmp
strcpy_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-runtime-l1-1-0

_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
exit
_exit
terminate
__p___argc
_configure_narrow_argv
_set_app_type
_seh_filter_exe
__p___argv
_cexit
_c_exit
_crt_atexit
_register_thread_local_exe_atexit_callback
_initterm_e
_register_onexit_function
abort
_errno
_initialize_onexit_table

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-stdio-l1-1-0

fputs
__stdio_common_vsprintf
_set_fmode
__p__commode
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
calloc
free
realloc

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd2f2ecf71382d689c11a821fa0e4cae

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

ws2_32

secur32

advapi32

crypt32

bcrypt

pdh

powrprof

psapi

ole32

oleaut32

shell32

iphlpapi

netapi32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 17KB - Virtual size: 222KB

.pdata Size: 119KB - Virtual size: 119KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1024B - Virtual size: 744B

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 17KB - Virtual size: 222KB

.pdata
Size: 119KB - Virtual size: 119KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 744B

.reloc
Size: 20KB - Virtual size: 20KB